npm - @lenne.tech/nest-server - Versions diffs - 9.0.31 → 9.2.0 - Mend

@lenne.tech/nest-server 9.0.31 → 9.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (135) hide show

package/src/core/common/services/module.service.ts CHANGED Viewed

@@ -7,11 +7,17 @@ import { prepareInput, prepareOutput } from '../helpers/service.helper';
 import { ServiceOptions } from '../interfaces/service-options.interface';
 import { CoreModel } from '../models/core-model.model';
 import { FieldSelection } from '../types/field-selection.type';
+import { ConfigService } from './config.service';
 /**
  * Module service class to be extended by concrete module services
  */
 export abstract class ModuleService<T extends CoreModel = any> {
+  /**
+   * Config service, is used to determine certain behavior
+   */
+  protected configService: ConfigService;
   /**
    * Main model constructor of the service, will be used as default for populate and mapping
    */
@@ -26,9 +32,11 @@ export abstract class ModuleService<T extends CoreModel = any> {
    * Set main properties
    */
   protected constructor(options?: {
-    mainDbModel: Model<T & Document>;
+    configService?: ConfigService;
+    mainDbModel?: Model<T & Document>;
     mainModelConstructor?: new (...args: any[]) => T;
   }) {
+    this.configService = options?.configService;
     this.mainDbModel = options?.mainDbModel;
     this.mainModelConstructor = options?.mainModelConstructor;
   }
@@ -90,13 +98,21 @@ export abstract class ModuleService<T extends CoreModel = any> {
       ...options?.serviceOptions,
     };
+    // Set default for ignoreSelections if not set
+    const ignoreSelections = this.configService?.getFastButReadOnly('ignoreSelectionsForPopulate', false);
+    if (ignoreSelections) {
+      if (config.processFieldSelection.ignoreSelections === undefined) {
+        config.processFieldSelection.ignoreSelections = ignoreSelections;
+      }
+    }
     // Note force configuration
     if (config.force) {
       config.checkRights = false;
-      if (typeof config.prepareInput === 'object') {
+      if (config.prepareInput && typeof config.prepareInput === 'object') {
         config.prepareInput.checkRoles = false;
       }
-      if (typeof config.prepareOutput === 'object') {
+      if (config.prepareOutput && typeof config.prepareOutput === 'object') {
         config.prepareOutput.removeSecrets = false;
       }
     }
@@ -104,6 +120,9 @@ export abstract class ModuleService<T extends CoreModel = any> {
     // Note populate
     if (config.populate) {
       config.fieldSelection = config.populate;
+      if (config.processFieldSelection?.ignoreSelections) {
+        config.processFieldSelection.ignoreSelections = false;
+      }
     }
     // Prepare input
@@ -220,6 +239,7 @@ export abstract class ModuleService<T extends CoreModel = any> {
     options: {
       model?: new (...args: any[]) => T;
       dbModel?: Model<T & Document>;
+      ignoreSelections?: boolean;
     } = {}
   ) {
     const config = {
@@ -227,6 +247,8 @@ export abstract class ModuleService<T extends CoreModel = any> {
       dbModel: this.mainDbModel,
       ...options,
     };
-    return popAndMap(data, fieldsSelection, config.model, config.dbModel);
+    return popAndMap(data, fieldsSelection, config.model, config.dbModel, {
+      ignoreSelections: config.ignoreSelections,
+    });
   }
 }

package/src/core/modules/auth/core-auth.model.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import { Field, ObjectType } from '@nestjs/graphql';
 import { CoreModel } from '../../common/models/core-model.model';
+import { CoreUserModel } from '../user/core-user.model';
 /**
  * CoreAuth model for the response after the sign in
@@ -13,8 +14,20 @@ export class CoreAuthModel extends CoreModel {
   /**
    * JavaScript Web Token (JWT)
    */
-  @Field({ description: 'JavaScript Web Token (JWT)' })
-  token: string = undefined;
+  @Field({ description: 'JavaScript Web Token (JWT)', nullable: true })
+  token?: string = undefined;
+  /**
+   * Refresh token
+   */
+  @Field({ description: 'Refresh token', nullable: true })
+  refreshToken?: string = undefined;
+  /**
+   * Current user
+   */
+  @Field({ description: 'Current user' })
+  user: CoreUserModel = undefined;
   // ===================================================================================================================
   // Methods

package/src/core/modules/auth/core-auth.module.ts CHANGED Viewed

@@ -3,7 +3,8 @@ import { APP_GUARD } from '@nestjs/core';
 import { JwtModule, JwtModuleOptions } from '@nestjs/jwt';
 import { PassportModule } from '@nestjs/passport';
 import { RolesGuard } from './guards/roles.guard';
-import { JwtStrategy } from './jwt.strategy';
+import { JwtRefreshStrategy } from './strategies/jwt-refresh.strategy';
+import { JwtStrategy } from './strategies/jwt.strategy';
 import { CoreAuthUserService } from './services/core-auth-user.service';
 import { CoreAuthService } from './services/core-auth.service';
 import { PubSub } from 'graphql-subscriptions';
@@ -23,6 +24,7 @@ export class CoreAuthModule {
     options: JwtModuleOptions & {
       authService?: Type<CoreAuthService>;
       jwtStrategy?: Type<JwtStrategy>;
+      jwtRefreshStrategy?: Type<JwtRefreshStrategy>;
       imports?: Array<Type<any> | DynamicModule | Promise<DynamicModule> | ForwardReference>;
       providers?: Provider[];
     }
@@ -56,6 +58,10 @@ export class CoreAuthModule {
         provide: JwtStrategy,
         useClass: options.jwtStrategy || JwtStrategy,
       },
+      {
+        provide: JwtRefreshStrategy,
+        useClass: options.jwtRefreshStrategy || JwtRefreshStrategy,
+      },
     ];
     if (Array.isArray(options?.providers)) {
       providers = imports.concat(options.providers);
@@ -66,7 +72,7 @@ export class CoreAuthModule {
       module: CoreAuthModule,
       imports: imports,
       providers: providers,
-      exports: [CoreAuthService, JwtModule, JwtStrategy, PassportModule, UserModule],
+      exports: [CoreAuthService, JwtModule, JwtStrategy, JwtRefreshStrategy, PassportModule, UserModule],
     };
   }
 }

package/src/core/modules/auth/core-auth.resolver.ts CHANGED Viewed

@@ -1,6 +1,14 @@
-import { Args, Info, Query, Resolver } from '@nestjs/graphql';
+import { UseGuards } from '@nestjs/common';
+import { Args, Context, Info, Mutation, Resolver } from '@nestjs/graphql';
+import { Response as ResponseType } from 'express';
 import { GraphQLResolveInfo } from 'graphql';
+import { GraphQLUser } from '../../common/decorators/graphql-user.decorator';
+import { ConfigService } from '../../common/services/config.service';
 import { CoreAuthModel } from './core-auth.model';
+import { AuthGuard } from './guards/auth.guard';
+import { CoreAuthSignInInput } from './inputs/core-auth-sign-in.input';
+import { CoreAuthSignUpInput } from './inputs/core-auth-sign-up.input';
+import { ICoreAuthUser } from './interfaces/core-auth-user.interface';
 import { CoreAuthService } from './services/core-auth.service';
 /**
@@ -11,21 +19,96 @@ export class CoreAuthResolver {
   /**
    * Import services
    */
-  constructor(protected readonly authService: CoreAuthService) {}
+  constructor(protected readonly authService: CoreAuthService, protected readonly configService: ConfigService) {}
   // ===========================================================================
-  // Queries
+  // Mutations
   // ===========================================================================
   /**
-   * Get user via ID
+   * Sign in user via email and password (on specific device)
    */
-  @Query((returns) => CoreAuthModel, { description: 'Get JWT token' })
+  @Mutation((returns) => CoreAuthModel, {
+    description: 'Sign in user via email and password and get JWT tokens (for specific device)',
+  })
   async signIn(
-    @Args('email') email: string,
-    @Args('password') password: string,
-    @Info() info: GraphQLResolveInfo
-  ): Promise<Partial<CoreAuthModel>> {
-    return await this.authService.signIn(email, password, { fieldSelection: { info, select: 'signIn' } });
+    @Info() info: GraphQLResolveInfo,
+    @Context() ctx: { res: ResponseType },
+    @Args('input') input: CoreAuthSignInInput
+  ): Promise<CoreAuthModel> {
+    const result = await this.authService.signIn(input, { fieldSelection: { info, select: 'signIn' } });
+    return this.processCookies(ctx, result);
+  }
+  /**
+   * Logout user (from specific device)
+   */
+  @Mutation((returns) => CoreAuthModel, { description: 'Logout user (from specific device)' })
+  async logout(
+    @GraphQLUser() currentUser: ICoreAuthUser,
+    @Context() ctx: { res: ResponseType },
+    @Args('deviceId', { nullable: true }) deviceId?: string
+  ): Promise<boolean> {
+    const result = await this.authService.logout({ currentUser, deviceId });
+    return this.processCookies(ctx, result);
+  }
+  /**
+   * Refresh token (for specific device)
+   */
+  @UseGuards(AuthGuard('jwt-refresh'))
+  @Mutation((returns) => CoreAuthModel, { description: 'Refresh tokens (for specific device)' })
+  async refreshToken(
+    @GraphQLUser() user: ICoreAuthUser,
+    @Context() ctx: { res: ResponseType },
+    @Args('deviceId', { nullable: true }) deviceId?: string
+  ): Promise<CoreAuthModel> {
+    const result = await this.authService.refreshTokens(user, deviceId);
+    return this.processCookies(ctx, result);
+  }
+  /**
+   * Register a new user account (on specific device)
+   */
+  @Mutation((returns) => CoreAuthModel, { description: 'Register a new user account (on specific device)' })
+  async signUp(
+    @Info() info: GraphQLResolveInfo,
+    @Context() ctx: { res: ResponseType },
+    @Args('input') input: CoreAuthSignUpInput
+  ): Promise<CoreAuthModel> {
+    const result = await this.authService.signUp(input, { fieldSelection: { info, select: 'signUp' } });
+    return this.processCookies(ctx, result);
+  }
+  // ===================================================================================================================
+  // Helper
+  // ===================================================================================================================
+  /**
+   * Process cookies
+   */
+  protected processCookies(ctx: { res: ResponseType }, result: any) {
+    // Check if cookie handling is activated
+    if (this.configService.getFastButReadOnly('cookies')) {
+      // Set cookies
+      if (typeof result !== 'object') {
+        ctx.res.cookie('token', '', { httpOnly: true });
+        ctx.res.cookie('refreshToken', '', { httpOnly: true });
+        return result;
+      }
+      ctx.res.cookie('token', result?.token || '', { httpOnly: true });
+      ctx.res.cookie('refreshToken', result?.refreshToken || '', { httpOnly: true });
+      // Remove tokens from result
+      if (result.token) {
+        delete result.token;
+      }
+      if (result.refreshToken) {
+        delete result.refreshToken;
+      }
+    }
+    // Return prepared result
+    return result;
   }
 }

package/src/core/modules/auth/guards/auth.guard.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { CanActivate, ExecutionContext, Logger, mixin, Optional, UnauthorizedException } from '@nestjs/common';
+import { GqlExecutionContext } from '@nestjs/graphql';
 import { AuthModuleOptions, Type } from '@nestjs/passport';
 import { defaultOptions } from '@nestjs/passport/dist/options';
 import { memoize } from '@nestjs/passport/dist/utils/memoize.util';
@@ -65,10 +66,7 @@ function createAuthGuard(type?: string): Type<CanActivate> {
       const options = { ...defaultOptions, ...this.options };
       const response = context?.switchToHttp()?.getResponse();
-      let request = this.getRequest(context);
-      if (!request) {
-        request = context?.switchToHttp()?.getRequest();
-      }
+      const request = this.getRequest(context);
       const passportFn = createPassportContext(request, response);
       const user = await passportFn(type || this.options.defaultStrategy, options, (err, currentUser, info) =>
         this.handleRequest(err, currentUser, info, context)
@@ -81,6 +79,15 @@ function createAuthGuard(type?: string): Type<CanActivate> {
      * Prepare request
      */
     getRequest<T = any>(context: ExecutionContext): T {
+      // Try to get request GraphQL context
+      try {
+        const ctx = GqlExecutionContext.create(context)?.getContext();
+        if (ctx?.req) {
+          return ctx.req;
+        }
+      } catch (e) {}
+      // Else return HTTP request
       return context && context.switchToHttp() ? context.switchToHttp().getRequest() : null;
     }
@@ -110,4 +117,4 @@ function createAuthGuard(type?: string): Type<CanActivate> {
 /**
  * Export AuthGuard
  */
-export const AuthGuard: (type?: string) => Type<IAuthGuard> = memoize(createAuthGuard);
+export const AuthGuard: (type?: string | string[]) => Type<IAuthGuard> = memoize(createAuthGuard);

package/src/core/modules/auth/guards/refresh-token.guard.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { Injectable } from '@nestjs/common';
+import { AuthGuard } from './auth.guard';
+@Injectable()
+export class RefreshTokenGuard extends AuthGuard('jwt-refresh') {}

package/src/core/modules/auth/guards/roles.guard.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { ExecutionContext, Inject, Injectable, UnauthorizedException } from '@nestjs/common';
+import { ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
 import { Reflector } from '@nestjs/core';
 import { GqlExecutionContext } from '@nestjs/graphql';
 import { RoleEnum } from '../../../common/enums/role.enum';

package/src/core/modules/auth/inputs/core-auth-sign-in.input.ts CHANGED Viewed

@@ -10,6 +10,9 @@ export class CoreAuthSignInInput extends CoreInput {
   // Properties
   // ===================================================================================================================
+  @Field({ description: 'Device ID', nullable: true })
+  deviceId?: string = undefined;
   @Field({ description: 'Email', nullable: false })
   email: string = undefined;

package/src/core/modules/auth/inputs/core-auth-sign-up.input.ts CHANGED Viewed

@@ -10,6 +10,9 @@ export class CoreAuthSignUpInput extends CoreInput {
   // Properties
   // ===================================================================================================================
+  @Field({ description: 'Device ID', nullable: true })
+  deviceId?: string = undefined;
   @Field({ description: 'Email', nullable: false })
   email: string = undefined;

package/src/core/modules/auth/interfaces/core-auth-user.interface.ts CHANGED Viewed

@@ -2,6 +2,11 @@
  * Interface for user used in authorization module
  */
 export interface ICoreAuthUser {
+  /**
+   * ID of the user
+   */
+  id: string;
   /**
    * Email of the user
    */
@@ -11,4 +16,14 @@ export interface ICoreAuthUser {
    * Password of the user
    */
   password: string;
+  /**
+   * Refresh token
+   */
+  refreshToken?: string;
+  /**
+   * Refresh tokens for different devices
+   */
+  refreshTokens?: Record<string, string>;
 }

package/src/core/modules/auth/interfaces/jwt-payload.interface.ts CHANGED Viewed

@@ -2,5 +2,5 @@
  * Interface for jwt payload
  */
 export interface JwtPayload {
-  email: string;
+  id: string;
 }

package/src/core/modules/auth/services/core-auth-user.service.ts CHANGED Viewed

@@ -5,6 +5,16 @@ import { ICoreAuthUser } from '../interfaces/core-auth-user.interface';
  * Abstract class for user service in authorization module
  */
 export abstract class CoreAuthUserService {
+  /**
+   * Create user
+   */
+  abstract create(input: any, serviceOptions?: ServiceOptions): Promise<ICoreAuthUser>;
+  /**
+   * Get user via ID
+   */
+  abstract get(id: string, serviceOptions?: ServiceOptions): Promise<ICoreAuthUser>;
   /**
    * Get user via email
    */
@@ -14,4 +24,9 @@ export abstract class CoreAuthUserService {
    * Prepare output
    */
   abstract prepareOutput(output: any, options?: ServiceOptions): Promise<ICoreAuthUser>;
+  /**
+   * Update user
+   */
+  abstract update(id: string, input: any, serviceOptions?: ServiceOptions): Promise<ICoreAuthUser>;
 }

package/src/core/modules/auth/services/core-auth.service.ts CHANGED Viewed

@@ -2,7 +2,13 @@ import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
 import { sha256 } from 'js-sha256';
+import { getStringIds } from '../../../common/helpers/db.helper';
+import { prepareServiceOptions } from '../../../common/helpers/service.helper';
 import { ServiceOptions } from '../../../common/interfaces/service-options.interface';
+import { ConfigService } from '../../../common/services/config.service';
+import { CoreAuthModel } from '../core-auth.model';
+import { CoreAuthSignInInput } from '../inputs/core-auth-sign-in.input';
+import { CoreAuthSignUpInput } from '../inputs/core-auth-sign-up.input';
 import { ICoreAuthUser } from '../interfaces/core-auth-user.interface';
 import { JwtPayload } from '../interfaces/jwt-payload.interface';
 import { CoreAuthUserService } from './core-auth-user.service';
@@ -12,18 +18,82 @@ import { CoreAuthUserService } from './core-auth-user.service';
  */
 @Injectable()
 export class CoreAuthService {
-  constructor(protected readonly userService: CoreAuthUserService, protected readonly jwtService: JwtService) {}
+  /**
+   * Integrate services
+   */
+  constructor(
+    protected readonly userService: CoreAuthUserService,
+    protected readonly jwtService: JwtService,
+    protected readonly configService: ConfigService
+  ) {}
+  /**
+   * Decode JWT
+   */
+  decodeJwt(token: string): JwtPayload {
+    return this.jwtService.decode(token) as JwtPayload;
+  }
+  /**
+   * Logout user (from device)
+   */
+  async logout(serviceOptions: ServiceOptions & { deviceId?: string }): Promise<boolean> {
+    const user = serviceOptions.currentUser;
+    if (!serviceOptions.currentUser) {
+      throw new UnauthorizedException();
+    }
+    const deviceId = serviceOptions.deviceId;
+    if (deviceId) {
+      if (!user.refreshTokens[deviceId]) {
+        return false;
+      }
+      delete user.refreshTokens[deviceId];
+      await this.userService.update(user.id, { refreshTokens: user.refreshTokens }, serviceOptions);
+      return true;
+    }
+    user.refreshToken = null;
+    user.refreshTokens = {};
+    await this.userService.update(
+      user.id,
+      {
+        refreshToken: user.refreshToken,
+        refreshTokens: user.refreshTokens,
+      },
+      serviceOptions
+    );
+    return true;
+  }
+  /**
+   * Refresh tokens
+   */
+  async refreshTokens(user: ICoreAuthUser, deviceId?: string) {
+    // Create new tokens
+    const tokens = await this.getTokens(user.id);
+    await this.updateRefreshToken(user, tokens.refreshToken, { deviceId });
+    // Return
+    return CoreAuthModel.map({
+      ...tokens,
+      user: await this.userService.prepareOutput(user),
+    });
+  }
   /**
    * User sign in via email
    */
-  async signIn(
-    email: string,
-    password: string,
-    serviceOptions?: ServiceOptions
-  ): Promise<{ token: string; user: ICoreAuthUser }> {
-    serviceOptions = serviceOptions || {};
-    serviceOptions.prepareOutput = null;
+  async signIn(input: CoreAuthSignInInput, serviceOptions?: ServiceOptions): Promise<CoreAuthModel> {
+    // Prepare service options
+    const serviceOptionsForUserService = prepareServiceOptions(serviceOptions, {
+      // We need password, so we can't use prepare output handling and have to deactivate it
+      prepareOutput: null,
+      // Select user field for automatic populate handling via user service
+      subFieldSelection: 'user',
+    });
+    // Inputs
+    const { email, password, deviceId } = input;
     // Get user
     const user = await this.userService.getViaEmail(email, serviceOptions);
@@ -34,25 +104,153 @@ export class CoreAuthService {
       throw new UnauthorizedException();
     }
-    // Return JWT
-    const payload: JwtPayload = { email: user.email };
-    return {
-      token: this.jwtService.sign(payload),
-      user: await this.userService.prepareOutput(user),
-    };
+    // Set device ID
+    serviceOptionsForUserService.deviceId = input.deviceId;
+    // Return tokens and user
+    return this.getResult(user, serviceOptions);
+  }
+  /**
+   * Register a new user account
+   */
+  async signUp(input: CoreAuthSignUpInput, serviceOptions?: ServiceOptions): Promise<CoreAuthModel> {
+    // Prepare service options
+    const serviceOptionsForUserService = prepareServiceOptions(serviceOptions, {
+      // Select user field for automatic populate handling via user service
+      subFieldSelection: 'user',
+    });
+    // Get and check user
+    const user = await this.userService.create(input, serviceOptionsForUserService);
+    if (!user) {
+      throw Error('Email Address already in use');
+    }
+    // Set device ID
+    serviceOptionsForUserService.deviceId = input.deviceId;
+    // Return tokens and user
+    return this.getResult(user, serviceOptionsForUserService);
   }
   /**
    * Validate user
    */
   async validateUser(payload: JwtPayload): Promise<any> {
-    return await this.userService.getViaEmail(payload.email);
+    // Get user
+    const user = await this.userService.get(payload.id);
+    // Check if user exists and is logged in
+    if (!user?.refreshToken) {
+      return null;
+    }
+    // Return user
+    return user;
   }
+  // ===================================================================================================================
+  // Helper
+  // ===================================================================================================================
   /**
-   * Decode JWT
+   * Rest result with user and tokens
    */
-  decodeJwt(token: string): JwtPayload {
-    return this.jwtService.decode(token) as JwtPayload;
+  protected async getResult(user: ICoreAuthUser, serviceOptions: ServiceOptions & { deviceId?: string }) {
+    // Create new tokens
+    const tokens = await this.getTokens(user.id);
+    // Set refresh token
+    await this.updateRefreshToken(user, tokens.refreshToken, serviceOptions);
+    // Return tokens and user
+    return CoreAuthModel.map({
+      ...tokens,
+      user: await this.userService.prepareOutput(user),
+    });
+  }
+  /**
+   * Get secret from JWT or refresh config
+   */
+  protected getSecretFromConfig(refresh?: boolean) {
+    let path = 'jwt';
+    if (refresh) {
+      path += '.refresh';
+    }
+    return (
+      this.configService.getFastButReadOnly(path + '.signInOptions.secret') ||
+      this.configService.getFastButReadOnly(path + '.signInOptions.secretOrPrivateKey') ||
+      this.configService.getFastButReadOnly(path + '.secret') ||
+      this.configService.getFastButReadOnly(path + '.secretOrPrivateKey')
+    );
+  }
+  /**
+   * Get JWT and refresh token
+   */
+  protected async getTokens(userId: string) {
+    const [token, refreshToken] = await Promise.all([
+      this.jwtService.signAsync(
+        { id: userId },
+        {
+          secret: this.getSecretFromConfig(false),
+          ...this.configService.getFastButReadOnly('jwt.signInOptions', {}),
+        }
+      ),
+      this.jwtService.signAsync(
+        { id: userId },
+        {
+          secret: this.getSecretFromConfig(true),
+          ...this.configService.getFastButReadOnly('jwt.refresh.signInOptions', {}),
+        }
+      ),
+    ]);
+    return {
+      token,
+      refreshToken,
+    };
+  }
+  /**
+   * Update refresh token(s)
+   */
+  protected async updateRefreshToken(
+    user: ICoreAuthUser,
+    refreshToken: string,
+    serviceOptions: ServiceOptions & { deviceId?: string } = {}
+  ) {
+    const hashedRefreshToken = await bcrypt.hash(refreshToken, 10);
+    const deviceId = serviceOptions?.deviceId;
+    if (deviceId) {
+      if (!user.refreshTokens) {
+        user.refreshTokens = {};
+      }
+      user.refreshTokens[deviceId] = hashedRefreshToken;
+      // Refresh token must be set even if only a specific device is logged in, because of the check in the validateUser method
+      if (!user.refreshToken) {
+        user.refreshToken = hashedRefreshToken;
+      }
+      return await this.userService.update(
+        getStringIds(user),
+        { refreshTokens: user.refreshTokens, refreshToken: user.refreshToken },
+        {
+          ...serviceOptions,
+          force: true,
+        }
+      );
+    }
+    user.refreshToken = hashedRefreshToken;
+    return await this.userService.update(
+      getStringIds(user),
+      { refreshToken: hashedRefreshToken },
+      {
+        ...serviceOptions,
+        force: true,
+      }
+    );
   }
 }